diff options
author | Gaming4JC <g4jc@hyperbola.info> | 2019-12-30 10:33:31 -0500 |
---|---|---|
committer | Gaming4JC <g4jc@hyperbola.info> | 2019-12-30 20:29:27 -0500 |
commit | 12eb1554f9ff0c0d8dc49da44b6bd0081b1231a1 (patch) | |
tree | 038c36c0214be1e19d11c8bdb58bf82ac4b3a994 /mailnews/base | |
parent | fb7de243f87fa19048e6a86c42636e809e04ba68 (diff) | |
download | UXP-12eb1554f9ff0c0d8dc49da44b6bd0081b1231a1.tar UXP-12eb1554f9ff0c0d8dc49da44b6bd0081b1231a1.tar.gz UXP-12eb1554f9ff0c0d8dc49da44b6bd0081b1231a1.tar.lz UXP-12eb1554f9ff0c0d8dc49da44b6bd0081b1231a1.tar.xz UXP-12eb1554f9ff0c0d8dc49da44b6bd0081b1231a1.zip |
Bug 1599054 - allow callers to ommit sending OAuth2 client_secret parameter.
Diffstat (limited to 'mailnews/base')
-rw-r--r-- | mailnews/base/util/OAuth2.jsm | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/mailnews/base/util/OAuth2.jsm b/mailnews/base/util/OAuth2.jsm index c838660f0..8c9282d02 100644 --- a/mailnews/base/util/OAuth2.jsm +++ b/mailnews/base/util/OAuth2.jsm @@ -19,7 +19,21 @@ Cu.importGlobalProperties(["fetch"]); // Only allow one connecting window per endpoint. var gConnecting = {}; -function OAuth2(aBaseURI, aScope, aAppKey, aAppSecret) { +/** + * Constructor for the OAuth2 object. + * + * @constructor + * @param {string} aBaseURI - The base URI for authentication and token + * requests, oauth2/auth or oauth2/token will be added for the actual + * requests. + * @param {?string} aScope - The scope as specified by RFC 6749 Section 3.3. + * Will not be included in the requests if falsy. + * @param {string} aAppKey - The client_id as specified by RFC 6749 Section + * 2.3.1. + * @param {string} [aAppSecret=null] - The client_secret as specified in + * RFC 6749 section 2.3.1. Will not be included in the requests if null. + */ +function OAuth2(aBaseURI, aScope, aAppKey, aAppSecret = null) { this.authURI = aBaseURI + "oauth2/auth"; this.tokenURI = aBaseURI + "oauth2/token"; this.consumerKey = aAppKey; @@ -190,7 +204,12 @@ OAuth2.prototype = { let data = new URLSearchParams(); data.append("client_id", this.consumerKey); - data.append("client_secret", this.consumerSecret); + if (this.consumerSecret !== null) { + // Section 2.3.1. of RFC 6749 states that empty secrets MAY be omitted + // by the client. This OAuth implementation delegates this decission to + // the caller: If the secret is null, it will be omitted. + data.append("client_secret", this.consumerSecret); + } if (aRefresh) { this.log.info( |